System NS. The inside

Initially, System-NS was intended as a service for personal use. However, we (the developers) got carried away while designing it, so the project turned into a shared resource.

How it was done

Not so long ago we found ourselves in need of a secondary DNS service so that our servers would remain available during downtime of the master server. Since the solutions available on the market did not meet our needs, we started developing our own project in November 2012. It was designed to:

1. update and configure the slave zones of all servers at the fastest possible rate;
2. avoid the need to install and configure additional central administration applications, or to statically configure zone updates/additions with a predefined list of master servers' IP addresses.

Our project became available on January 21, 2013, and its popularity grew gradually. Initially, only the secondary DNS service was available, but we then added the dynamic DNS and managed DNS services in quick succession. The domain information storage system chosen in the course of the secondary DNS service development allowed reading and editing a huge number of records almost instantly, which led us to the idea of creating the dynamic DNS. After the successful development and testing of that service, we found ourselves pondering what to do next. Some bright guy from the staff (no one knows who exactly, but everyone is sure that it was his very idea) said: “Why would we manually edit domains if we can design a domain management interface?” (I, for one, am positive that the idea was mine.)

After implementing a simple interface for editing domain records, we added a feature for converting a secondary domain into a managed domain, since some of our users could be interested in it. During the course of development we faced the need to import domains from a ready-made zone (e.g. a BIND file) or by using AXFR. This feature came in handy on multiple occasions, so we added it to the public release.

Please find below a short summary of our services and their features:

Secondary. Quick, convenient, and easy zone transfer in a single click. Its operating sequence is as follows: a “who is the domain served by” request addressed to the root servers, polling of every server from the received list, and AXFR transfer attempts until the first response.

Dynamic. Instant cache reset after an IP address update. IP address management is implemented by means of API calls. Examples of auto-update scripts for Windows, OS X, Linux, EC2, and OpenWrt are available on our website.

Managed. Provides convenient tools for editing zone contents, including the ability to import them from the BIND zone file format or by a direct AXFR transfer query to the specified master server.
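The operating sequence described for the secondary service, as an added sketch that is not System-NS code: it builds the wire-format NS and AXFR queries and picks the first name server that answers the transfer. The function names, the injected `lookup_ns`/`try_axfr` callables and the `example.test` data are assumptions constructed for illustration, so the block runs offline.

```python
import struct

QTYPE_NS, QTYPE_AXFR, CLASS_IN = 2, 252, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, msg_id, tcp=False):
    """Build a one-question query; AXFR runs over TCP, which adds a 2-byte length prefix."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)  # flags 0: plain query, 1 question
    msg = header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    return struct.pack("!H", len(msg)) + msg if tcp else msg

def find_master(zone, lookup_ns, try_axfr):
    """Get the zone's NS list, poll each server in order, and keep the first one
    that answers the AXFR. Returns (server, records) or (None, [])."""
    for server in lookup_ns(zone):
        try:
            records = try_axfr(server, zone)
        except OSError:      # unreachable host, closed port, reset connection
            continue
        if records:          # a refused transfer yields no records
            return server, records
    return None, []

# Constructed sample data standing in for the network (not real servers).
SAMPLE_NS = {"example.test": ["ns1.example.test", "ns2.example.test", "ns3.example.test"]}
SAMPLE_SOA = "example.test. 3600 IN SOA ns3.example.test. admin.example.test. 1 7200 900 1209600 300"

def sample_lookup_ns(zone):
    return SAMPLE_NS.get(zone, [])

def sample_try_axfr(server, zone):
    if server == "ns1.example.test":
        raise ConnectionRefusedError("TCP/53 closed")
    if server == "ns2.example.test":
        return []            # REFUSED, e.g. by a BIND allow-transfer ACL
    return [SAMPLE_SOA, "www.example.test. 300 IN A 192.0.2.10", SAMPLE_SOA]

if __name__ == "__main__":
    print(build_query("example.test", QTYPE_AXFR, 0x1234, tcp=True).hex())
    print(find_master("example.test", sample_lookup_ns, sample_try_axfr))
```

With this sequence, a master only has to permit transfers to the secondary's source addresses; every other name server in the list can keep refusing AXFR.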

One of our development objectives was to use as many external modules as possible to avoid writing more code. We spent plenty of time looking for suitable modules (ones that provided all the necessary functions and did not contain bugs). During this search several junior employees lost their faith in the impeccability of open source projects. After a lot of struggle we decided that ZF2 – Doctrine ODM – BjyAuthorize – ZfcUser would be our combination of choice.

Please find below some details about these components:

Frontend:
1. Zend Framework (ZF) 2. We had already used ZF in several prior projects, and when System-NS development started we were looking forward to working with ZF2, since it appeared to be more convenient and efficient than its predecessor.
2. Doctrine ODM. A module that converts MongoDB documents into PHP objects. It was chosen for virtually one purpose: to see what advantages it could provide when working with MongoDB (usually we work with our own class/wrapper). The module turned out to be excessive and somewhat inconvenient.
3. MongoDB. A distinguished document-oriented database, which we use for virtually every one of our projects. Its sole disadvantage is the lack of transactions; however, they can be implemented, should one be determined to do so.
4. BjyAuthorize. Provides a means of restricting access to certain site sections based on the user “role”.
5. ZfcUser. A user management module complete with configurable registration and authorization procedures. Fully compatible with Doctrine ODM and BjyAuthorize.
6. Twitter Bootstrap. A nifty set of CSS templates that greatly simplify responsive design and layout in general.

Backend:
1. Self-written DNS server (C++) – worth attention on its own. Currently, I cannot provide too many details due to the respective NDA terms. The sole reason for writing it was to deal with any performance issues. Our setup includes a single 2 GHz core capable of processing up to 3-3.5 million queries per second, which corresponds to approximately 1.4 Gb of DNS traffic (average). The same technology, courtesy of the owner, was implemented in the public service in a slightly abridged form. It has its own controllable cache, but generally depends on the external data store.
2. Memcached – used as a binary-structured repository for the domain zone records, for the sole purpose of avoiding memory allocation in the DNS daemon (please refer to the next paragraph for details). We also considered that using tcmalloc in the DNS server would arguably be faster, but in the end it was decided not to burden the DNS server with extra functions.
3. Self-written daemon that replicates server data and saves snapshots to the hard drive (C++).

The service is physically distributed across six servers. Four of them (located in Canada, France, Ukraine, and Russia respectively) host the frontend component. The other two servers (located in Norway and the Czech Republic) are used only for data replication. We are using a failover traffic balancer provided by Clustertech AS (Norway), located on the anycast segment, which will be made available for public use in the near future (2015Q2).

Since the basic service is free, we are not maintaining our own anycast segment because of its cost (we have the respective capabilities, however). It is quite possible, though, that we will start to.

We always do everything possible to answer our users’ requests to the product support service quickly and to check any feedback we receive. We also welcome any suggestions that would help us improve our services and add new features, so that the product can become more convenient to use.

Currently, all the site services are available absolutely free. Upon completing registration, you will get a license to operate a certain number of domains. Subscribing to our Facebook page will yield a nice bonus, too.

Thank you for your attention and for your interest in our service.

submitted by systemns